CVE-2022-4433

MEDIUM Year: 2022
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-126
View all →

Vulnerability Description

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Related Vulnerabilities

CVE-2021-22563

MEDIUM
CVSS:4.4(Medium)

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines b...

CWE-1262021

CVE-2022-4432

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2022-4434

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2022-4435

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2023-43568

MEDIUM
CVSS:4.4(Medium)

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CWE-1262023

CVE-2023-43572

MEDIUM
CVSS:4.4(Medium)

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CWE-1262023